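<?php

// Runs before anything else: the script removes its own file from disk as soon
// as it starts executing. PHP has already parsed the whole file by then, so the
// rest of the run is unaffected, but a later look at the directory will not find
// the script. Request logs and file-integrity monitoring are where such a run
// remains visible.
@unlink(__FILE__);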

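/**
 * Restore selected WordPress core files from the official release archive.
 *
 * Downloads wordpress-<version>.zip from downloads.wordpress.org into the
 * current working directory, copies each requested entry out of the archive
 * over the matching path under $docroot, and deletes the archive afterwards.
 * One tab-separated line (host, path, status, bytes written) is printed per
 * requested file.
 *
 * @param string   $docroot    Directory the files are written under.
 * @param string   $wp_version Release version; used in the URL and in the local file name.
 * @param string   $wp_locate  Optional path segment placed before the archive name.
 * @param string[] $file_list  Paths, relative to the WordPress root, to restore.
 * @return bool TRUE when the archive was opened and processed, FALSE otherwise.
 */
function reinstall_core_files($docroot, $wp_version, $wp_locate, $file_list)
{
    $domain = preg_replace('/^(www|ftp)\./i', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');

    // The version is concatenated into a URL and into a file name, so anything
    // that is not a plain version token (digits, letters, dot, hyphen) is refused
    // before any file or network access happens.
    if (!is_string($wp_version) || !preg_match('/\A[0-9A-Za-z][0-9A-Za-z.\-]*\z/', $wp_version)) {
        print("Error: Unexpected version string" . PHP_EOL);
        return FALSE;
    }

    $wp_zip = 'https://downloads.wordpress.org/release/' . $wp_locate . 'wordpress-' . $wp_version . '.zip';
    // NOTE(review): the archive lands in the current working directory under a
    // predictable name; if that directory is web-served, a temp directory
    // outside the document root would be the safer place.
    $local_zip = 'wpr-wp-' . $wp_version . '.zip';

    if (function_exists("curl_init")) {
        $ch_local_zip = fopen($local_zip, "wb");
        if ($ch_local_zip === false) {
            print("Error: Unable to create " . $local_zip . PHP_EOL);
            return FALSE;
        }

        $ch_start = curl_init();
        curl_setopt($ch_start, CURLOPT_URL, $wp_zip);
        curl_setopt($ch_start, CURLOPT_FAILONERROR, true);
        curl_setopt($ch_start, CURLOPT_HEADER, 0);
        curl_setopt($ch_start, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch_start, CURLOPT_AUTOREFERER, true);
        curl_setopt($ch_start, CURLOPT_TIMEOUT, 360);
        // The archive's contents are written into the document root as PHP, so
        // the server certificate and host name must be verified, and a
        // redirect must not be allowed to leave HTTPS.
        curl_setopt($ch_start, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch_start, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch_start, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
        curl_setopt($ch_start, CURLOPT_FILE, $ch_local_zip);

        $get_zip = curl_exec($ch_start);
        $curl_message = curl_error($ch_start);

        // Release both handles on every path, not only on success.
        curl_close($ch_start);
        fclose($ch_local_zip);

        if (!$get_zip) {
            @unlink($local_zip); // do not leave a partial download behind
            print("Error :- " . $curl_message . PHP_EOL);
            return FALSE;
        }
    } else {
        $data = @file_get_contents($wp_zip);
        if ($data === false || @file_put_contents($local_zip, $data) === false) {
            @unlink($local_zip);
            print("Error: Unable to download " . $wp_zip . PHP_EOL);
            return FALSE;
        }
    }

    $zip = new ZipArchive;

    // ZipArchive::open() returns TRUE on success and an integer error code
    // otherwise, so only an identical comparison with TRUE is reliable.
    if ($zip->open($local_zip) !== true) {
        @unlink($local_zip);
        print("Error: Unable to open the Zip File" . PHP_EOL);
        return FALSE;
    }

    foreach ($file_list as $f) {
        // Entries must stay inside $docroot: refuse absolute paths, NUL bytes
        // and any ".." path component.
        if (
            !is_string($f)
            || $f === ''
            || $f[0] === '/'
            || strpos($f, "\0") !== false
            || preg_match('~(^|[\\\\/])\.\.([\\\\/]|$)~', $f)
        ) {
            echo $domain . "\t" . (is_string($f) ? $f : '') . "\tSKIP\t0" . PHP_EOL;
            continue;
        }

        // getFromName() returns FALSE when the entry is absent; writing that
        // out would replace the target with an empty file.
        $orig_content = $zip->getFromName("wordpress" . "/" . $f);
        if ($orig_content === false) {
            echo $domain . "\t" . $f . "\tNOT_IN_ARCHIVE\t0" . PHP_EOL;
            continue;
        }

        $target_path = $docroot . "/" . $f;
        $target_dir = dirname($target_path);
        if (!is_dir($target_dir)) {
            @mkdir($target_dir, 0755, true);
        }
        @chmod($target_dir, 0755);
        echo $domain . "\t" . $f . "\tFIX\t" . @file_put_contents($target_path, $orig_content) . PHP_EOL;
        @chmod($target_path, 0644);
    }

    $zip->close();

    @unlink($local_zip);

    return TRUE;
}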



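/**
 * Fetch the published MD5 checksums for a WordPress release and keep only the
 * core PHP files.
 *
 * Entries under wp-content/themes/, wp-content/plugins/, /plugins/akismet/ and
 * /languages/themes/ are dropped, as is every path that does not contain
 * ".php".
 *
 * @param string $wp_version Release version to look up.
 * @return array|false Map of relative path => MD5 hex digest, or false when no
 *                     usable checksum list was obtained.
 */
function get_file_hashes($wp_version)
{
    // The version goes into a URL; accept only a plain version token.
    if (!is_string($wp_version) || !preg_match('/\A[0-9A-Za-z][0-9A-Za-z.\-]*\z/', $wp_version)) {
        return false;
    }

    // Built-in per-version table. It is empty in this file, so the lookup
    // never hits; it is keyed by version, hence isset() rather than in_array().
    $defaults = Array();

    if (isset($defaults[$wp_version])) {
        return $defaults[$wp_version];
    }

    $locale = 'en_US';

    // Optional first checksum source. Its base URL is empty here; querying it
    // in that state would make file_get_contents() read a local file named
    // after the version, so it is only used when a base is configured.
    $primary_base = '';
    $response = false;
    if ($primary_base !== '') {
        $response = @file_get_contents($primary_base . rawurlencode($wp_version));
    }

    if (empty($response)) {
        // The checksums are the reference every file is judged against, so
        // they are fetched over HTTPS rather than plain HTTP.
        $checkurl = 'https://api.wordpress.org/core/checksums/1.0/?version=' . rawurlencode($wp_version)
            . '&locale=' . rawurlencode($locale);
        $response = @file_get_contents($checkurl);
    }

    if (empty($response)) {
        return false;
    }

    $hashes = json_decode($response, true);

    if (!is_array($hashes) || !isset($hashes['checksums']) || !is_array($hashes['checksums'])) {
        return false;
    }

    $cleaned = array();

    $themes_path = 'wp-content/themes/';
    $plugins_path = 'wp-content/plugins/';

    foreach ($hashes['checksums'] as $path => $hash) {
        $path = (string) $path;

        $excluded = strpos($path, $themes_path) !== false
            || strpos($path, $plugins_path) !== false
            || strpos($path, '/plugins/akismet/') !== false
            || strpos($path, '/languages/themes/') !== false
            || strpos($path, '.php') === false;
        if ($excluded) {
            continue;
        }

        // Paths from the response are later joined onto the document root;
        // drop anything absolute or containing a ".." component, and anything
        // whose digest is not a 32-character hex string.
        if ($path[0] === '/' || preg_match('~(^|[\\\\/])\.\.([\\\\/]|$)~', $path)) {
            continue;
        }
        if (!is_string($hash) || !preg_match('/\A[0-9a-fA-F]{32}\z/', $hash)) {
            continue;
        }

        $cleaned[$path] = $hash;
    }

    return $cleaned;
} // get_file_hashes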


/**
 * Return $string ending in exactly one forward slash.
 *
 * Any trailing slashes or backslashes are stripped first, then a single '/'
 * is appended.
 *
 * @param string $string Path fragment.
 * @return string The fragment with one trailing '/'.
 */
function trailingslashit($string)
{
    $without_slash = untrailingslashit($string);

    return $without_slash . '/';
}

/**
 * Strip every trailing forward slash and backslash from a string.
 *
 * @param string $string Path fragment.
 * @return string The fragment without trailing '/' or '\' characters.
 */
function untrailingslashit($string)
{
    $separators = '/\\';
    $trimmed = rtrim($string, $separators);

    return $trimmed;
}

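/**
 * Recursively list the files under $path whose names end in one of $extensions.
 *
 * Directory entries whose name starts with a dot are skipped, which covers
 * "." and ".." but also hidden files and directories. The extension match is
 * case-sensitive. Both points matter when the result feeds an "unknown file"
 * report: a dotfile or a differently-cased extension is never listed.
 *
 * @param string            $path          Directory to scan.
 * @param string|array|null $extensions    Extension(s) without the dot, joined as a regex
 *                                         alternation; defaults to 'php'.
 * @param int               $depth         Number of directory levels below $path to descend.
 * @param string            $relative_path Prefix used for the keys of the returned map.
 * @return array|false Map of "<relative_path>/<name>" => "<path>/<name>", or false when
 *                     $path is not a directory.
 */
function scan_folder($path, $extensions = null, $depth = 3, $relative_path = '')
{
    if (!is_dir($path)) {
        return false;
    }

    $extensions = $extensions ? (array) $extensions : array('php');
    $name_pattern = '~\.(' . implode('|', $extensions) . ')$~';

    // Normalise the key prefix to "prefix/" or to '' when no prefix was given.
    $relative_path = rtrim($relative_path, '/\\') . '/';
    if ('/' === $relative_path) {
        $relative_path = '';
    }

    $files = array();

    // scandir() returns false (and raises its own warning) for a directory
    // that cannot be read; nothing can be listed in that case.
    $results = scandir($path);
    if ($results === false) {
        return $files;
    }

    foreach ($results as $result) {
        if ('.' === $result[0]) {
            continue;
        }

        $full_path = $path . '/' . $result;

        if (is_dir($full_path)) {
            if (!$depth) {
                continue; // depth budget used up
            }
            $found = scan_folder($full_path, $extensions, $depth - 1, $relative_path . $result);
            if (is_array($found)) {
                $files = array_merge_recursive($files, $found);
            }
        } elseif (preg_match($name_pattern, $result)) {
            $files[$relative_path . $result] = $full_path;
        }
    } // foreach result

    return $files;
} // scan_folder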

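/**
 * Compare the WordPress core files under $docroot with the published checksums.
 *
 * Two passes are made: every PHP file found under wp-includes and wp-admin
 * that has no checksum entry is recorded as unknown, then every file in the
 * checksum list is classified as ok, changed or missing.
 *
 * @param string $docroot Document root; the code concatenates relative paths
 *                        directly onto it, so it must end with a slash.
 * @param string $version WordPress version whose checksums are used.
 * @return array|false Result buckets (missing_ok, missing_bad, changed_ok,
 *                     changed_bad, unknown_bad, ok) plus last_run, total and
 *                     run_time, or false when no checksums were available.
 */
function check_wp_integrity($docroot, $version)
{
    $host = preg_replace('/^(www|ftp)\./i', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');

    $results = array(
        'missing_ok'  => array(),
        'missing_bad' => array(),
        'changed_ok'  => array(),
        'changed_bad' => array(),
        'unknown_bad' => array(),
        'ok'          => array(),
        'last_run'    => time(),
        'total'       => 0,
        'run_time'    => 0,
    );

    $start_time = microtime(true);

    // Files ok to be missing
    // NOTE(review): entries are matched exactly against checksum paths, so the
    // partial paths in this list ('plugins/hello.php', '/languages/plugins/akismet-')
    // look like they can never match - confirm.
    $missing_ok = array('index.php', 'readme.html', 'license.txt', 'wp-config-sample.php', 'wp-admin/install.php', 'wp-admin/upgrade.php', 'wp-config.php', 'plugins/hello.php', 'licens.html', '/languages/plugins/akismet-');

    // Files ok to be modified
    $changed_ok = array('index.php', 'wp-config.php', 'wp-config-sample.php', 'readme.html', 'license.txt');

    $filehashes = get_file_hashes($version);

    if (!$filehashes) {
        return false;
    }

    // ** Checking for unknown files
    $all_files = array();
    foreach (array('wp-includes', 'wp-admin') as $core_dir) {
        $found = scan_folder($docroot . $core_dir, null, 9, $core_dir);
        if (is_array($found)) {
            $all_files = array_merge($all_files, $found);
        }
    }

    foreach ($all_files as $key => $af) {
        if (!isset($filehashes[$key])) {
            $results['unknown_bad'][] = $key;
        }
    }

    // Checking if core has been modified
    $results['total'] = count($filehashes);

    foreach ($filehashes as $file => $hash) {
        clearstatcache();

        $full_path = $docroot . $file;

        if (!file_exists($full_path)) {
            if (in_array($file, $missing_ok, true)) {
                $results['missing_ok'][] = $file;
            } else {
                $results['missing_bad'][] = $file;
            }
            continue;
        }

        if (!is_readable($full_path)) {
            // An unreadable core file is replaced by a one-byte placeholder and
            // queued as missing so the caller can restore it.
            // NOTE(review): this destroys the file before its contents were
            // inspected or preserved.
            echo $host . "\tbad_perm" . "\t" . $file . PHP_EOL;
            @chmod($full_path, 0644);
            @unlink($full_path);
            @file_put_contents($full_path, "1");

            $results['missing_bad'][] = $file;
            continue;
        }

        // Identical comparison: with "==" two digests of the form "0e<digits>"
        // are compared as numbers and count as equal although they differ.
        $actual = md5_file($full_path);
        if ($actual !== false && $hash === $actual) {
            $results['ok'][] = $file;
        } elseif (in_array($file, $changed_ok, true)) {
            $results['changed_ok'][] = $file;
        } else {
            $results['changed_bad'][] = $file;
        }
    } // foreach file

    $results['run_time'] = microtime(true) - $start_time;

    return $results;
}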

/////////////////////////////////////

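$docroot = $_SERVER["DOCUMENT_ROOT"] . "/";
$host = preg_replace('/^(www|ftp)\./i', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');

// The report is tab-separated text. Declaring it as plain text keeps a browser
// from rendering file names or the request's Host header as HTML.
if (!headers_sent()) {
    header('Content-Type: text/plain; charset=utf-8');
}

$need_to_recover = Array();
$version_file = $docroot . "/wp-includes/version.php";

if (@file_exists($version_file))
{
    // version.php is itself one of the files under test, so it is read as text
    // and the version extracted with a pattern; include()-ing it would execute
    // whatever the file currently contains.
    $wp_version = null;
    $version_src = @file_get_contents($version_file);
    if (
        is_string($version_src)
        && preg_match('/^\s*\$wp_version\s*=\s*([\'"])([0-9A-Za-z.\-]+)\1\s*;/m', $version_src, $version_match)
    ) {
        $wp_version = $version_match[2];
    }

    $res = ($wp_version !== null) ? check_wp_integrity($docroot, $wp_version) : false;

    if (!is_array($res))
    {
        // No version or no checksum list: there is nothing to compare against.
        echo $host . "\tNO CHECKSUMS" . PHP_EOL;
    }
    else
    {
        foreach ($res["unknown_bad"] as $f)
        {
            echo $host . "\tunknown_bad" . "\t" . $f . PHP_EOL;
        }

        foreach ($res["changed_bad"] as $f)
        {
            // Every file that fails its checksum is reported. Files containing
            // either substring below get their own label so they stand out in
            // the report; a match never removes a file from it.
            $content = @file_get_contents($docroot . $f);
            $has_marker = is_string($content)
                && (strpos($content, " = @\$_COOKIE[substr(") !== FALSE
                    || strpos($content, "public function __destruct(){\$this->") !== FALSE);

            echo $host . "\t" . ($has_marker ? "changed_bad_marker" : "changed_bad") . "\t" . $f . PHP_EOL;
            // Changed files are reported only; they are not queued for restore.
        }

        foreach ($res["missing_bad"] as $f)
        {
            $can_write = is_writeable(dirname($docroot . $f)) ? 1 : 0;
            $can_write2 = is_writeable($docroot . $f) ? 1 : 0;
            echo $host . "\tmissing_bad" . "\t" . $f . "\t" . $can_write . "\t" . $can_write2 . PHP_EOL;
            // Restore only what can actually be written: a new file needs a
            // writable directory, an existing one needs to be writable itself.
            if ((!file_exists($docroot . $f) && $can_write) || (@file_exists($docroot . $f) && $can_write2))
            {
                $need_to_recover[] = $f;
            }
        }

        if (!empty($need_to_recover))
        {
            reinstall_core_files($docroot, $wp_version, "", $need_to_recover);
        }
    }
}
else
{
    echo $host . "\tNO WP";
}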
